CVE-2025-60724

CVE Database · CVE-2025-60724

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

5.82%

Published

Nov 11, 2025

Modified

May 22, 2026

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-122

Affected Products (22)

microsoft · 365_copilot (up to 16.0.19426.20044)vulnerable

microsoft · office_long_term_servicing_channelvulnerable

microsoft · windows_10_1607 (up to 10.0.14393.8594)vulnerable

microsoft · windows_10_1809 (up to 10.0.17763.8027)vulnerable

microsoft · windows_10_21h2 (up to 10.0.19044.6575)vulnerable

References (1)

Vendor Advisory